/// <summary>
/// "Compare" button handler: re-hashes the text in the password field with the
/// stored salt and iteration count, compares it to the stored hash, and reports
/// the outcome together with the time the hash-and-compare took.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, EventArgs e)
{
    // Input that fails the password policy is rejected before any hashing is done.
    if (!PasswordMeetsPolicy(txtPassword.Text, PwdPolicy))
    {
        return;
    }

    // Time only the hash computation and comparison so the iteration count can be tuned.
    Stopwatch timer = Stopwatch.StartNew();
    bool hashMatches = PWDTK.ComparePasswordToHash(_salt, txtPassword.Text, _hash, iterations);
    timer.Stop();

    // NOTE(review): ComparePasswordToHash is defined outside this listing; confirm that it
    // compares the two hashes in fixed time rather than returning at the first differing byte.
    if (hashMatches)
    {
        // Match: allow entry into the system and write the audit record required by corporate
        // policy. The audit record should carry the outcome and user ID, never the password or hash.
        MessageBox.Show("Password hash matches stored hash");
    }
    else
    {
        // No match: deny access and write the audit record required by corporate policy.
        MessageBox.Show("Password hash does NOT match stored hash");
    }

    string timingReport = "Creating the Hash and comparisson took a total of " + timer.ElapsedMilliseconds.ToString() + " milliseconds, increase or decrease iterations to raise or lower this time";
    MessageBox.Show(timingReport);
}
/// <summary>
/// Checks a candidate password against a password policy and, when it does not
/// comply, shows the policy's error message next to the password field.
/// </summary>
/// <param name="Password">Candidate password text to check.</param>
/// <param name="PassPolicy">Policy the password is checked against.</param>
/// <returns><c>true</c> when the password complies with the policy; otherwise <c>false</c>.</returns>
private bool PasswordMeetsPolicy(string Password, PWDTK.PasswordPolicy PassPolicy)
{
    // TryPasswordPolicyCompliance reports the reason for a failure through this exception object.
    PasswordPolicyException policyFailure = new PasswordPolicyException("");
    bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref policyFailure);

    if (!compliant)
    {
        // Surface the policy's own message to the user on the password field.
        errorPasswd.SetError(txtPassword, policyFailure.Message);
    }

    // NOTE(review): on the compliant path this method does not touch errorPasswd, so a message
    // set by an earlier failed attempt is left as it is here; confirm it is cleared elsewhere.
    return compliant;
}
/// <summary>
/// "Hash" button handler: generates a fresh random salt, derives the hash of the
/// text in the password field, keeps both in the form's fields, and enables the
/// compare button.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    // Nothing is generated or stored for a password that fails the policy.
    if (!PasswordMeetsPolicy(txtPassword.Text, PwdPolicy))
    {
        return;
    }

    // A new random salt is drawn for every password that is hashed.
    _salt = PWDTK.GetRandomSalt(saltSize);

    // Derive the hash from the salt, the password text and the configured iteration count.
    _hash = PWDTK.PasswordToHash(_salt, txtPassword.Text, iterations);

    // This is the point at which to persist, at a minimum, the salt, the hash and the user ID.
    // Storing the iteration count alongside them is recommended too: it will have to change as
    // hardware gets faster, and existing records must still be verifiable with their own count.
    button2.Enabled = true;

    // Demonstration output only: the dialog displays the stored hash as hex, which a production
    // form would not show to the user.
    string hashReport = "Users Password Hash: " + PWDTK.HashBytesToHexString(_hash);
    MessageBox.Show(hashReport);
    MessageBox.Show("Hash stored, now try changing the text in the password field and hit the \"Compare\" button");
}